Ubuntu Servers :: Suexec / Run Php As User Not Apache
Apr 4, 2010
When we run php scripts that move/rename/etc files, the script does not have access to write to files in our web root. Changing permissions to 777 fixes the problem, but obviously this is not an option..I've been reading up about suexec, phpsuexec, and suphp, but we can't seem to figure any of this out.In phpinfo(),the Server API reads: Server API Apache 2.0 Handlerbut on another server (where everything works, it reads : Server API CGI/FastCGIIs there ANY way to achieve this?
View 2 Replies
ADVERTISEMENT
Jun 25, 2011
I'm having a problem with mod_suexec in Fedora 15.I have suexec set up in Apache, snippits from httpd.conf:
Code:
LoadModule suexec_module modules/mod_suexec.so
...
[code]....
View 3 Replies
View Related
Sep 1, 2010
Apache/2.2.3
CentOS release 5.4 (Final)
BackupPC-3.1.0-6.el5
So im setting up backuppc but do not want Apache to run as the backuppc user. To get round this I need to setup suEXEC so that CGI scripts are ran as the backuppc user. This seems fine and I do have the module loaded,
1. I have configured my config files as said here
2. I have read that DOC_ROOT for suEXEC is set to /var/www I need to change this to /home/www - as a quick fix i have a symbolic link from /var/www to /home/www.
3. To confirm what DOC_ROOT is and check where the log file will be as suggested on many sites I run "/usr/sbin/suexec -V" but I get nothing back, it does not list any config.
4. Group and Owner for "/usr/share/BackupPC" is backuppc
[Code]...
View 1 Replies
View Related
May 12, 2010
I'm configuring Apache for the first time on this box (8.04 LTS) and Apache2 for the first time ever. "Out of the box" it runs fine and I get the "It Works" page okay. But I'd like to use the virtual site feature to direct Apache to a folder in my user space, and I keep getting errors.
When I point a browser at localhost, the 404 message is "The requested URL / was not found on this server." and the /var/log/apache2/error.log ends with "File does not exist: /htdocs.
Here's my config file from the apache2/sites-available folder:
Code:
I diff'ed this file with the default and the only differences are in the DocumentRoot line and the <Directory ...> line.
My public_html folder has permissions 755 and the index.html file is 644.
View 7 Replies
View Related
Sep 23, 2010
I want to setup a folder (several really) for websites that use PHP.
I am running Linux Ubuntu with PHP, APACHE installed.
The Apache server works in Firefox as 127.0.1.1 no problem.
The default directory is (DocumentRoot) /var/www This is stored in a file called /etc/apache2/sites-enabled/000-default
PHP executes no problem, if it is in the default directory (/var/www).
However, I'd like to activate PHP in a folder on another hard-drive (also).
In that folder I'd like to store several websites, all which will use PHP and MYSQL.
The problem is, my boot drive where /var/www currently is located has only 2 gig of space (21 gig for operating system, which seems high).
PHP files in the other hard drive do not execute, even under APACHE server.
How can I safely change the PHP enabled folder? How can I add more folders, without erasing the current one?
View 2 Replies
View Related
Feb 2, 2009
I have FC10 newly installed, and Apache is serving content from /var/www/ okay.
I'm trying to get Apache to serve web content from user's home directories. This is what I've tried with no success:
Uncommented 'UserDir public_htm' in /etc/httpd/conf/httpd.conf and commented out 'UserDir disabled'.
And...
Uncommented user directory section in /etc/httpd/conf/httpd.conf. It now reads as follows:
#
# Control access to UserDir directories. The following is an example
# for a site where these directories are restricted to read-only.
#
[Code].....
I also tried setenforce 0 to temporarily disable SELinux until the next reboot. No luck. It doesn't appear to be an SELinux issue.
That's as far as the information available will take me. I still get URL 'Not Found' when I try to access http://192.168.0.2/~myusername/
setting up user home directory web access?
View 1 Replies
View Related
Mar 14, 2009
I want to enable User Directories in Apache. So in httpd.conf I set:
Code:
<IfModule mod_userdir.c>
#UserDir enabled // commented out
UserDir public_html
</IfModule>
Directory /home/kees is listed has the following file permissions: drwx--x--x 32 kees kees
Directory /home/kees/public_html has the following file permissions: drwxr-xr-x 2 root root
Directory public_html has two files: index.html and index.php, both with file permissions: -rwxr-xr-x 1 root root If I now try to open http://myhost/~kees/index.html (or index.php) in my browser I get a 403 Forbidden error. If I look in my error log I see the following messages if I first try to open the index.html and then the index.php file:
[Code]...
View 4 Replies
View Related
May 6, 2009
I have apache working,i have users set under admin group in /home/admin/username/html that is with an html publicfolder at the end, now permissions are set right, /html is set to mode 777, and the contents also inside them. But everytime i do a 10.0.11.25/~les i get a damn forbidden error code, its got me so pissed off and i dont' know whats the problem. This is the error i get: Forbidden 403 You don't have permission to access /~les on this server.
Code:
[Tue May 05 19:37:48 2009] [notice] Apache/2.2.11 (Unix) DAV/2 PHP/5.2.6 configured -- resuming normal operations
[Tue May 05 20:44:30 2009] [error] [client 10.3.0.254] (13)Permission denied: access to /~les denied
[code]....
View 10 Replies
View Related
May 28, 2010
I want to automaticly set the group ownership of user home directories to a group that the user is not part of. This is so that Apache can be part of this group and can access user public HTML directory, but other users are not able to access in any way the files in the users home directory. What I have seen that works manually is adding the user and then changing the group for the home directory. But I want to automatically set this when the user account is created. WHat I see happening is that when /etc/skel is copied, it automatically sets the group and ownership of everything to the users default group and ownership. I've seen some suggestions on setting permissions, but these don't seem to work because it seems that users are able to cd into a directory and not list it, but if they know the file name they can access the file.
View 1 Replies
View Related
Jun 17, 2010
I am setting a Lucid mail server, and got dspam and mailgraph installed. dspam requires suexec module for apache, but it breaks mailgraph with "500 Internal Server Error":
[Code].....
View 1 Replies
View Related
May 26, 2010
I just got a new server dedicated running php5 and SUExec. I understand the concept. INstead of running as "nobody", PHP scripts run as the user of that website. This also means I don't have to have some special directory where I set permissions to 775 or 770 with group=nobody etc just to upload files via PHP .. since PHP will upload files just as the user would using FTP. OK, great so far, and more security, I'm all for it.
View 1 Replies
View Related
Aug 5, 2011
My web server does not currently run Suexec. All files within the /var/www directory are owned by vsftpd and belong to nogroup. Apparently, this setup causes issues with some scripts that attempt to upload files and change files, such as the SMF Forum package.
Here's some background information that goes into further details regarding the issues I'm having:[URL]..Why would uploading a file using PHP in SMF not work with the owner being vsftpd belonging to the nogroup when the folder has been chmod to 777? I tested my own simple PHP upload script, and it was able to upload a file without issues. Yet, I've been told that my server is improperly configured if I'm not using Suexec. Why is this? Also, if I did use Suexec, what creates the users? Would I have to add them manually, or would they be created automatically as users based on their FTP login and added as subusers to the vsftpd group? Why should I use Suexec? I don't understand what's wrong with my current setup. How does it work in terms of users? Are users created and just added to a subgroup, or are they created like normal user accounts on the actual server? Do they get their own /home/username directory as well? I'm so confused about Suexec. What I've read about it doesn't make sense.[URL]..
View 1 Replies
View Related
May 3, 2010
I have Webmin installed on an Ubuntu server. I currently have a successful apache server running on port 80, however I want to create a virtual host on port 81. When I try I go to servers->Apache Webserver-> Create Virtual Host I change the port to 81 and the document root to /var/port81www then I click create. How ever when I goto 192.168.1.5:81 (local ip, I know I have to port forward but its not even working local) it does not work.
View 5 Replies
View Related
Jul 7, 2010
Basically when I try execute a PHP script with SuexecUserGroup set, I get the following error:
uid: (501/uname) gid: (501/501) cmd: php-cgi
command not in docroot (/usr/bin/php-cgi)
Without SuexecUserGroup set, they work fine, but obviously aren't executed as the script's owner.
Here's one of the domain's configs:
Code:
<VirtualHost *:80>
ServerName www.domain
ServerAlias domain
[code]...
For a bit of background info, the end result i'm trying to achieve is for files that get uploaded via a php script to be owned by the user account that owns the script rather than by the apache user.
View 1 Replies
View Related
Oct 29, 2010
Im trying to limit the diskspace users on the system may consume, and i found quotas (im a total linux noob). But when i try to set it, no matter what i set it to the maximus is 2 GB. Now... i need quite a lot more than that. One user should be able to use 1900 GB and the other 600 GB. How can i fix this? Im using ubuntu server 10.04.
View 9 Replies
View Related
Jun 13, 2010
What would be the effect of setting ProFTPd's user and group to the same user and group that Apache use? Are there any security risks in doing this, or is this safe to do?
View 4 Replies
View Related
Aug 10, 2011
i created a user apache in group apache and by useradd and groupadd command. i am working on a user called server and group is also server. The login screen shows both the users apache and server. My concern is that if sombody has the password to the username apache, hecan login. How do you disable user apache on the login screen so that it only shows user server.
View 3 Replies
View Related
May 12, 2015
I've installed Debian 6.0.7 with apache, php, mysql and phpmyadmin. We have a server with active directory and ldap where all the Windowsclients log on.
I want to view the username of the users visiting the Debianserver with $_SERVER["REMOTE_USER"] so I can give them personalized settings.
Tried installing the NTLM module from sourceforge but that didn't work, winbind also didn't work ...
View 1 Replies
View Related
Jul 29, 2011
When I run the ps -efH command to list out all the process, I can see Apache running as root and seems to have sub-processes running as www-data. Here's the excerpt:
root 30117 1 0 09:10 ? 00:00:00 /usr/sbin/apache2 -k start
www-data 30119 30117 0 09:10 ? 00:00:00 /usr/sbin/apache2 -k start
www-data 30120 30117 0 09:10 ? 00:00:00 /usr/sbin/apache2 -k start
[code]....
View 2 Replies
View Related
Oct 25, 2010
I have to develop a php script, that acts as a man-in-the middle for a db-like-software and a webshop. This should run on a server within a DMZ, behind two firewalls, that should filter every request from other sources, than the eshop, and any other protocol than HTTPS. This server is a debian-machine, with a apache 2.2 and php 5.3. I've installed apache and php without any problems, installed openssl, generated a certificat and installed it. I tested the connection successfully. The eshop-server can connect to the server inside the DMZ without problems and receives a correct answer.
The db-like-software (called "netbasic") generates a csv-file in a fixed directory. this csv-fils has an owner called "netbasic". The file-access-rights are: -rwxr--r-- (I've some problems to interpret this. I know, r stands for read and w for write, x for both and the order is for different usergroups). My problem is now, that my php-script tries to read the file (successfull), generates output (successfull) and then deletes the file (failed -> permission denied). I figured out, that the problem is, that apache (or, I don't know, just php) don't runs as root and has therefore no write-permission. Because the server is already secured with the firewalls, we, my workmates and me, don't see a problem, to change the apache-user to root. but I don't know how this is done and don't know, what to search for.
View 7 Replies
View Related
Oct 16, 2010
I'm using ubuntu 10.04. Apache server is associated with www-data.I frequently run into problems editing or deleting files created by a cgi script, as they have ownership of www-data:www-data.How can I safely modify my system so that the output files are editable or deletable by user tim?
View 2 Replies
View Related
Aug 27, 2010
I migrated joomla to my new server and noticed that the script doesn't have the permission to edit it's own configuration file and write to the cache folder. All my files are owned by root, which I guess isn't a good idea.
As what user do the PHP scripts run? Or is this system specific? I don't want to chmod all files to 777 so I'd just like to change file and folder ownerships to the user that is executing that script.
View 1 Replies
View Related
May 24, 2011
I've had a recent idea to have PHP take information from a form, save it to a file, which in turn is read from a local script as root (cron) which will create the user account, proper directories, add the website to the Apache sites, and reload Apache. anyone actually accomplished this before? And if so, can I get some links or some ideas to possibly help me on the process of getting started?
View 1 Replies
View Related
Oct 29, 2010
Where I work, the IT people have the systems setup (wrongly in my opinion) to require not just the user's username but to have the username pre-pended with regional info. Like this:Username: RegionName//UserNamePassword: ********The server I maintain doesn't require this (even though I have it authenticate through the same services as the rest of IT (active directory via ldap))The problem is I see lots of authentication errors in my apache error_log file because people are using the RegionName//UserName login
View 1 Replies
View Related
Nov 7, 2010
I want to run a soft that is daemonized, and listens on port 6789. This soft is launched through a php page, so, by the apache user. The probl�me is that the apache user does not has rights to open / listen on a port. I tried to add apache user to the root group, but it won't help. In the application log, I have this every second :
[code]...
I tried to add apache user in the sudoers with a nopasswd but it's still a no go.
View 4 Replies
View Related
Jun 24, 2010
We have installed apache 2.2.15 webserver on A rhel 5 Linux 64 box using the user wwwadm group www
We can start the webserver using root and it works fine but we dont have root access forever so we want the wwwadm user to have all the rights and we can start/stop/restart the Apache server using this wwwadm user.
View 1 Replies
View Related
Dec 10, 2010
I'm trying to get Apache to run in a user's home directory. I changed the conf file so that Apache runs under the user and group "kiosk" and changed the DocumentRoot and Directory from the default to "/home/kiosk". Then I set Apache to start at boot (chkconfig --level 235 httpd on) and rebooted. When I checked, httpd is running as kiosk like it should (ps aux | grep httpd). However, when I try wget localhost, I get a 403 response back. If as root I call "httpd -k stop" and then "httpd -k start", then everything works exactly as it should (curiously, if I try using "-k restart", it still doesn't work). After this, httpd still shows as running as kiosk and if I check before calling start, it shows no httpd processes running as expected.
This only happens when I use httpd to stop and then start the web server. If I try to restart using apachectl I still get a 403 error. As an interesting aside, after I've used httpd, if I try using "apachectl restart" I get a "(13)Permission denied: Error retrieving pid file run/httpd.pid" error. This is all on a freshly installed CentOS 5.5 server. Why I'm seeing this very different behaviour from what I thought were just equivalent ways of starting Apache? And then what I could do to get it to start up and run properly on boot? One last item to mention is this isn't a permissions problem. I set the permissions to 777 to both the home and kiosk directories (and 666 to the web files) just to be sure that's not the problem.
View 4 Replies
View Related
Apr 29, 2009
I want my apache user (www-data) to be able to umount drives that are mounted with fuse. (i think it is the same as regular umount, but i'm not sure)
when i execute: www-data@1:$ umount /2345umount: /2345 is not in the fstab (and you are not root)
how can i get this done?
View 4 Replies
View Related
Dec 13, 2010
In CGI scripts, there are certain files that are getting "permission denied" when it seems they should be accessible by the apache user. I am running the default package install of apache under fedora. Here is an example:The following is /var/www/cgi-bin/test.pl
Code:
#!/usr/bin/perl
use strict;
[code]...
View 9 Replies
View Related
Jul 17, 2010
I have written a simple perl program to add a command to iptables. Here is my code :
Code:
#! /usr/bin/perl
print "Content-type: text/html
";
system("iptables -A FORWARD -s 192.168.0.2 -j DROP");
I put this file in cgi-bin folder of Apache server. Here is my problem : when I run this file with shell as root user it makes change to iptables, but when I use my browser to run this file, it doesn't make any change. I'm sure this is because Apache doesn't have permission to manipulate iptables. How can I start Apache as a user with root privileges ?
View 8 Replies
View Related
